權限組件、頻率組件
權限組件
1.權限簡介
只有超級用戶才能訪問指定的數據,普通用戶不能訪問,因此就要有權限組件對其進行限制。django
2.局部使用
# 寫一個權限類 from rest_framework.permissions omport BasePermission class MyPermission(BasePermission): message = '' def has_permission(self, request, view): user_type = request.user.user_type if user_type == 1 or user_type == 2: return True else: self.message = '你不是VIP或超級會員,不能查看' return False
視圖類中:api
from rest_framework.views import APIView from app01.MySerializers import * class BooksView(APIView): # 局部使用,在視圖類中加入: permission_classes = [MyPermission,] def get(self, request): user = request.user book_list = models.Book.objects.all() book_ser = BookSerialzers(instance=book_list, many=True) return Response(book_ser.data)
3.全局使用
REST_FRAMEWORK={ "DEFAULT_PERMISSION_CLASSES":["app01.my_auth.MyPermission",] }
局部禁用:
在視圖類中:緩存
permission_classes = []
4.源碼分析
# 執行APIView中的dispatch方法--->執行self.initial(request, *args, **kwargs)方法
--->執行self.check_permissions(request)方法
--->在權限類中重寫def has_permission(self, request, view)方法,其中本身寫權限認證的邏輯
def check_permissions(self, request): for permission in self.get_permissions(): if not permission.has_permission(request, self): self.permission_denied( request, message=getattr(permission, 'message', None) )
self.get_permissions()app
def get_permissions(self): return [permission() for permission in self.permission_classes]
頻率組件
1.頻率簡介
爲了控制用戶對某個url請求的頻率,好比:一分鐘之內,只能訪問三次ide
2.自定義頻率類(自定義規則)
自定義邏輯:源碼分析
#(1)取出訪問者ip # (2)判斷當前ip不在訪問字典裏,添加進去,而且直接返回True,表示第一次訪問,在字典裏,繼續往下走 # (3)循環判斷當前ip的列表,有值,而且當前時間減去列表的最後一個時間大於60s,把這種數據pop掉,這樣列表中只有60s之內的訪問時間, # (4)判斷,當列表小於3,說明一分鐘之內訪問不足三次,把當前時間插入到列表第一個位置,返回True,順利經過 # (5)當大於等於3,說明一分鐘內訪問超過三次,返回False驗證失敗
代碼驗證:post
寫一個類繼承BaseThrottle,重寫def allow_request(self, request, view)方法:url
class MyThrottles(): VISIT_RECORD = {} def __init__(self): self.history=None def allow_request(self,request, view): #(1)取出訪問者ip # print(request.META) ip=request.META.get('REMOTE_ADDR') import time ctime=time.time() # (2)判斷當前ip不在訪問字典裏,添加進去,而且直接返回True,表示第一次訪問 if ip not in self.VISIT_RECORD: self.VISIT_RECORD[ip]=[ctime,] return True self.history=self.VISIT_RECORD.get(ip) # (3)循環判斷當前ip的列表,有值,而且當前時間減去列表的最後一個時間大於60s,把這種數據pop掉,這樣列表中只有60s之內的訪問時間, while self.history and ctime-self.history[-1]>60: self.history.pop() # (4)判斷,當列表小於3,說明一分鐘之內訪問不足三次,把當前時間插入到列表第一個位置,返回True,順利經過 # (5)當大於等於3,說明一分鐘內訪問超過三次,返回False驗證失敗 if len(self.history)<3: self.history.insert(0,ctime) return True else: return False def wait(self): import time ctime=time.time() return 60-(ctime-self.history[-1])
3.內置頻率類及局部使用
寫一個類繼承SimpleRateThrottle, (根據ip限制),重寫get_cache_key(self, request, view)方法:spa
class MyThrottle(SimpleRateThrottle): scope = 'my_throttle' def get_cache_key(self, request, view): return self.get_ident(request) # 自定義頻率限制的規則參數
在settings.py文件中配置:rest
REST_FRAMEWORK = { 'DEFAULT_THROTTLE_RATES': { 'my_throttle': '10/m' } }
視圖類中:
throttle_classes = [MyThrottle, ]
錯誤信息的中文提示:
class Course(APIView): authentication_classes = [TokenAuth, ] permission_classes = [UserPermission, ] throttle_classes = [MyThrottles,] def get(self, request): return HttpResponse('get') def post(self, request): return HttpResponse('post') def throttled(self, request, wait): from rest_framework.exceptions import Throttled class MyThrottled(Throttled): default_detail = '傻逼啊' extra_detail_singular = '還有 {wait} second.' extra_detail_plural = '出了 {wait} seconds.' raise MyThrottled(wait)
內置頻率限制類:
BaseThrottle是全部類的基類:方法:def get_ident(self, request)獲取標識,其實就是獲取ip,自定義的須要繼承它
AnonRateThrottle:未登陸用戶ip限制,須要配合auth模塊用
SimpleRateThrottle:重寫此方法,能夠實現頻率如今,不須要我們手寫上面自定義的邏輯
UserRateThrottle:登陸用戶頻率限制,這個得配合auth模塊來用
ScopedRateThrottle:應用在局部視圖上的(忽略)
4.全局使用
在settings.py文件中配置:
REST_FRAMEWORK = { 'DEFAULT_THROTTLE_CLASSES': ['app01.my_auth.MyThrottle', ], 'DEFAULT_THROTTLE_RATES':{ 'luffy':'3/m' } }
局部禁用:
在視圖類中:
throttle_classes = []
5.源碼分析
# 繼承BaseThrottle類時: # 執行APIView中的dispatch方法--->執行self.initial(request, *args, **kwargs)方法 --->執行self.check_throttles(request) --->在權限類中重寫def allow_request(self, request, view)方法,其中本身寫頻率限制的邏輯 # 繼承SimpleRateThrottle類時: # 執行APIView中的dispatch方法--->執行self.initial(request, *args, **kwargs)方法 --->執行self.check_throttles(request) --->在權限類中重寫def get_cache_key(self, request, view)方法,其中本身寫頻率限制的邏輯
def check_throttles(self, request): for throttle in self.get_throttles(): if not throttle.allow_request(request, self): self.throttled(request, throttle.wait()) def throttled(self, request, wait): #拋異常,能夠自定義異常,實現錯誤信息的中文顯示 raise exceptions.Throttled(wait)
class SimpleRateThrottle(BaseThrottle): # 咱本身寫的放在了全局變量,他的在django的緩存中 cache = default_cache # 獲取當前時間,跟咱寫的同樣 timer = time.time # 作了一個字符串格式化, cache_format = 'throttle_%(scope)s_%(ident)s' scope = None # 從配置文件中取DEFAULT_THROTTLE_RATES,因此咱配置文件中應該配置,不然報錯 THROTTLE_RATES = api_settings.DEFAULT_THROTTLE_RATES def __init__(self): if not getattr(self, 'rate', None): # 從配置文件中找出scope配置的名字對應的值,好比咱寫的‘3/m’,他取出來 self.rate = self.get_rate() # 解析'3/m',解析成 3 m self.num_requests, self.duration = self.parse_rate(self.rate) # 這個方法須要重寫 def get_cache_key(self, request, view): """ Should return a unique cache-key which can be used for throttling. Must be overridden. May return `None` if the request should not be throttled. """ raise NotImplementedError('.get_cache_key() must be overridden') def get_rate(self): if not getattr(self, 'scope', None): msg = ("You must set either `.scope` or `.rate` for '%s' throttle" % self.__class__.__name__) raise ImproperlyConfigured(msg) try: # 獲取在setting裏配置的字典中的之,self.scope是 咱寫的luffy return self.THROTTLE_RATES[self.scope] except KeyError: msg = "No default throttle rate set for '%s' scope" % self.scope raise ImproperlyConfigured(msg) # 解析 3/m這種傳參 def parse_rate(self, rate): """ Given the request rate string, return a two tuple of: <allowed number of requests>, <period of time in seconds> """ if rate is None: return (None, None) num, period = rate.split('/') num_requests = int(num) # 只取了第一位,也就是 3/mimmmmmmm也是表明一分鐘 duration = {'s': 1, 'm': 60, 'h': 3600, 'd': 86400}[period[0]] return (num_requests, duration) # 邏輯跟咱自定義的相同 def allow_request(self, request, view): """ Implement the check to see if the request should be throttled. On success calls `throttle_success`. On failure calls `throttle_failure`. """ if self.rate is None: return True self.key = self.get_cache_key(request, view) if self.key is None: return True self.history = self.cache.get(self.key, []) self.now = self.timer() # Drop any requests from the history which have now passed the # throttle duration while self.history and self.history[-1] <= self.now - self.duration: self.history.pop() if len(self.history) >= self.num_requests: return self.throttle_failure() return self.throttle_success() # 成功返回true,而且插入到緩存中 def throttle_success(self): """ Inserts the current request's timestamp along with the key into the cache. """ self.history.insert(0, self.now) self.cache.set(self.key, self.history, self.duration) return True # 失敗返回false def throttle_failure(self): """ Called when a request to the API has failed due to throttling. """ return False def wait(self): """ Returns the recommended next request time in seconds. """ if self.history: remaining_duration = self.duration - (self.now - self.history[-1]) else: remaining_duration = self.duration available_requests = self.num_requests - len(self.history) + 1 if available_requests <= 0: return None return remaining_duration / float(available_requests)
相關文章
- 1. 認證組件權限組件與頻率組件
- 2. drf6 權限和頻率控制組件
- 3. DRF之權限認證頻率組件
- 4. 權限組件
- 5. 頻率組件
- 6. DjangoRestFramework,認證組件、權限組件、頻率組件、url註冊器、響應器、分頁組件
- 7. DjangoRestFramework學習三之認證組件、權限組件、頻率組件、url註冊器、響應器、分頁組件
- 8. Django中rest_framework的認證組件,權限組件,頻率組件,序列化組件的最簡化版接口
- 9. 權限組件permission
- 10. DRF權限組件
- 更多相關文章...
- • ASP AdRotator 組件 - ASP 教程
- • ASP Content Linking 組件 - ASP 教程
- • 互聯網組織的未來:剖析GitHub員工的任性之源
- • IntelliJ IDEA安裝代碼格式化插件
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
